DERUUA

Latest news about information security vulnerabilities, threats, incidents and events

information security incidents

Prevention of security vulnerabilities, threats, and incidents described below is wiser and cheaper than forensic investigations and mitigation of the consequences of a cyber-attack.

You can get evidence of this fact from the news below.

Use our services to find and mitigate your security vulnerabilities before the security threat agents find them.




Ivanti Adds VPN and MDM Technolgies in Double Acquisition

28 Sep 2020 News Ivanti Adds VPN and MDM Technolgies in Double Acquisition. has announced the acquisitions of mobile device management vendor MobileIron and secure access and VPN provider Under the terms of the agreement, Ivanti will acquire all outstanding shares of MobileIron for a total value of approximately $872m...
More details.

Posted on 28 September 2020 4:04 pm


Researchers Uncover Cyber Espionage Operation Aimed At Indian Army - The Hacker News

Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information...
More details.

Posted on 28 September 2020 3:42 pm


Identity theft explained: Why businesses make tempting targets

image credit: pxhere Identity theft is the use of someone else’s personal information without permission, typically to conduct financial transactions. By personal information, we mean data that institutions use to identify or recognize you: your social security number, your bank account number, your address history, and so forth...
More details.

Posted on 28 September 2020 1:37 pm


Police Scotland to Establish Center of Excellence to Tackle Cybercrime

28 Sep 2020 News Police Scotland to Establish Center of Excellence to Tackle Cybercrime. Police Scotland is to establish a “center of excellence” for cybercrime with specialist staff deployed to help combat online offences including child sexual abuse, fraud and the sharing of indecent images...
More details.

Posted on 28 September 2020 11:10 am


Want Your Coffee Machine Back? Pay a Ransom

Avast infected the Smarter Coffee machine with ransomaware. (Source: Avast) An internet-connected coffee machine is the IoT latest device to show security problems. Avast infected the Smarter Coffee machine with ransomware that causes uncontrollable spinning of its grinder and dispensing of hot water...
More details.

Posted on 28 September 2020 11:07 am


Putin Wants a Truce Between Russia and U.S. in Cyberspace - The New York Times

MOSCOW — President Vladimir V. Putin of Russia on Friday proposed a truce with the United States in cyberspace, without acknowledging that his country has repeatedly used cybertechniques to attack elections from the Ukraine to the United States, stolen emails from the Defense Department to the White...
More details.

Posted on 28 September 2020 9:39 am


Acunetix Exhibiting at Infosecurity Online 2020

Infosecurity Online is the one-stop-shop for the most innovative ideas and networking opportunities in information and cybersecurity. You can find us by navigating to the Acunetix Infosecurity Online virtual booth on October 20-22, 2020...
More details.

Posted on 28 September 2020 8:55 am


Accenture to set up new Adelaide 'hub'

Accenture will set up a new delivery centre in Adelaide, which it says will create “up to” 2000 new jobs over five years. The consultancy said in a statement that it will build the ‘Accenture Adelaide Hub’, which will collaborate with similar hubs in Sydney, Melbourne, Perth and Canberra...
More details.

Posted on 27 September 2020 10:27 pm


Top 8 Best Web Security and Hacking Software for Security Professionals in 2020

Read the original article: Top 8 Best Web Security and Hacking Software for Security Professionals in 2020 Hacking software is not only used by hackers for criminal activities but it’s equally used by white hat hackers and security professionals to identify a vulnerability in a network or an endpoint...
More details.

Posted on 27 September 2020 5:20 pm


Windows XP Source Code Got Leaked All Over the Internet

Sorin Mustaca's aggregated IT Security News and articles about information security, vulnerabilities, exploits, patches, releases, software, features, hacks, laws, spam, viruses, malware, breaches. Read the original article: Windows XP Source Code Got Leaked All Over the Internet Plus: A cruel...
More details.

Posted on 27 September 2020 4:48 pm


A powerful DDoS attack hit Hungarian banks and telecoms services

Read the original article: A powerful DDoS attack hit Hungarian banks and telecoms services Hungarian financial institutions and telecommunications infrastructure were hit by a powerful DDoS attack originating from servers in Russia, China and Vietnam A powerful DDoS attack hit some Hungarian...
More details.

Posted on 27 September 2020 4:48 pm


Facebook fixes Instagram bug that turns phones into spying tools

Facebook has patched a critical vulnerability in Instagram that could have given an attacker the ability to take over a victims Instagram account, and turn their phone into a spying tool, simply by sending them a malicious image file...
More details.

Posted on 26 September 2020 7:27 pm


ThunderX ransomware silenced with release of a free decryptor

By GIXnews A decryptor for the ThunderX ransomware has been released by cybersecurity firm Tesorion that lets victims recover their files for free.
More details.

Posted on 26 September 2020 6:39 pm


Kount Launches New Podcast that Breaks Down the Latest Trends in Fraud, Digital Identity, eCommerce and Cybersecurity

Read the original article: Kount Launches New Podcast that Breaks Down the Latest Trends in Fraud, Digital Identity, eCommerce and Cybersecurity BOISE, Idaho–(BUSINESS WIRE)–Kount, the leader in fraud prevention and identity trust, today announced a new podcast called 5 Trends, 5 Minutes: Cyber & Fraud...
More details.

Posted on 26 September 2020 5:15 pm


Apple Releases Security Updates

Read the original article: Apple Releases Security Updates Original release date: September 25, 2020. Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system...
More details.

Posted on 26 September 2020 5:15 pm


Hackers stole more than $150 million from KuCoin cryptocurrency exchange

Read the original article: Hackers stole more than $150 million from KuCoin cryptocurrency exchange Singapore-based cryptocurrency exchange KuCoin disclosed a security breach, hackers stole $150 million from its hot wallets...
More details.

Posted on 26 September 2020 4:47 pm


6 Things to Know About the Microsoft 'Zerologon' Flaw

Concerns over a critical vulnerability that Microsoft disclosed in its Windows Netlogon Remote Protocol (MS-NRPC) in August were considerably heightened this week following reports of attackers actively targeting the flaw...
More details.

Posted on 25 September 2020 10:28 pm


Texas Software Provider Reports Cyber-attack

A cyber-attack has struck a Texas company that provides software services to schools and state and local governments across the United States. Tyler Technologies notified customers on September 23 that its phone and computer systems had been compromised by a bad actor...
More details.

Posted on 25 September 2020 9:21 pm


Facebook Removes More Accounts Linked to Russia

On Thursday, Facebook announced that it had removed three networks with Russian ties from its various platforms that included hundreds of fake users, pages, groups and postings. Each network focused on a different region in an attempt to spread disinformation or fake news about politics and current events...
More details.

Posted on 25 September 2020 8:51 pm


Comment on CISA says a hacker breached a federal agency

Catalin Cimpanu reports: A hacker has gained access and exfiltrated data from a federal agency, the Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday. The name of the hacked federal agency, the date of the intrusion, or any details about the intruder, such as an industry codename or state affiliation, were not disclosed...
More details.

Posted on 25 September 2020 5:28 pm


AA20-266A: LokiBot Malware

Original release date: September 22, 2020 | Last revised: September 23, 2020. Summary. This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework...
More details.

Posted on 22 September 2020 3:00 pm


AA20-259A: Iran-Based Threat Actor Exploits VPN Vulnerabilities

Original release date: September 15, 2020. Summary. This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques...
More details.

Posted on 15 September 2020 4:00 pm


AA20-258A: Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity

Original release date: September 14, 2020. Summary. The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U...
More details.

Posted on 14 September 2020 1:00 pm


AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity

Original release date: September 1, 2020 | Last revised: September 24, 2020. Summary. This joint advisory is the result of a collaborative research effort by the cybersecurity authorities of five nations: Australia,[ 1 ] Canada,[ 2 ] New Zealand,[ 3 ][ 4 ] the United Kingdom,[ 5 ] and the United States...
More details.

Posted on 1 September 2020 12:30 pm


AA20-239A: FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks

Original release date: August 26, 2020 | Last revised: September 3, 2020. Summary. This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework...
More details.

Posted on 26 August 2020 2:17 pm


AA20-227A: Phishing Emails Used to Deploy KONNI Malware

Original release date: August 14, 2020. Summary. This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques...
More details.

Posted on 14 August 2020 12:59 pm


AA20-225A: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails

Original release date: August 12, 2020 | Last revised: August 14, 2020. Summary. The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails...
More details.

Posted on 12 August 2020 1:49 pm


Robot Motion Servers

This Alert contains a public report of a Remote Code Execution vulnerability affecting robot motion servers written in OEM exclusive programming languages running on the robot controller.
More details.

Posted on 4 August 2020 2:10 pm


AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Original release date: July 27, 2020 | Last revised: August 6, 2020. Summary. This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC)...
More details.

Posted on 27 July 2020 12:20 pm


AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

Original release date: July 24, 2020. Summary. The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902...
More details.

Posted on 24 July 2020 10:59 am


AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

Original release date: July 23, 2020. Summary. Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise  and  ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations...
More details.

Posted on 23 July 2020 2:29 pm


SweynTooth Vulnerabilities

This ALERT details vulnerabilities in SweynTooth's Bluetooth Low Energy (BLE) proof-of-concept (PoC) exploit code. This report was released without coordination with some of the affected vendors and without advance coordination with CISA...
More details.

Posted on 3 March 2020 3:20 pm


Mitsubishi Electric Europe B.V. smartRTU and INEA ME-RTU (Update A)

This updated alert is a follow-up to the original alert titled ICS-ALERT-19-225-01 Mitsubishi Electric smartRTU and INEA ME-RTU that was published August 13, 2019, on the ICS webpage on us-cert.gov. CISA is aware of a public report of a proof-of-concept (PoC) exploit code vulnerability affecting Mitsubishi Electric smartRTU devices...
More details.

Posted on 10 September 2019 2:30 pm


CAN Bus Network Implementation in Avionics

CISA is aware of a public report of insecure implementation of CAN bus networks affecting aircraft. According to this report, the CAN bus networks are exploitable when an attacker has unsupervised physical access to the aircraft...
More details.

Posted on 30 July 2019 1:00 pm


DICOM Standard in Medical Devices

NCCIC is aware of a public report of a vulnerability in the DICOM (Digital Imaging and Communications in Medicine) standard with proof-of-concept (PoC) exploit code. The DICOM standard is the international standard to transmit, store, retrieve, print, process, and display medical imaging information...
More details.

Posted on 11 June 2019 4:15 pm


Meltdown and Spectre Vulnerabilities (Update J)

This updated alert is a follow-up to the updated alert titled ICS-ALERT-18-011-01 Meltdown and Spectre Vulnerabilities (Update I) that was published September 11, 2018, on the NCCIC/ICS-CERT website.
More details.

Posted on 11 January 2018 5:51 pm


WAGO PFC200

NCCIC is aware of a public report of an improper authentication vulnerability affecting WAGO PFC200, a Programmable Logic Controller (PLC) device. According to this report, the vulnerability is exploitable by sending a TCP payload on the bound port...
More details.

Posted on 7 December 2017 9:11 pm


Eaton ELCSoft Vulnerabilities

NCCIC/ICS-CERT is aware of a public report of buffer overflow vulnerabilities affecting Eaton ELCSoft, a PLC programming software for Eaton Logic Control (ELC) controllers. According to the public report, which was coordinated with ICS-CERT prior to its public release, researcher Ariele Caltabiano (kimiya) working with Trend Micro's Zero Day Initiative, identified that an attacker can leverage these vulnerabilities to execute arbitrary code in the context of the process...
More details.

Posted on 4 August 2017 7:11 pm


CAN Bus Standard Vulnerability

NCCIC/ICS-CERT is aware of a public report of a vulnerability in the Controller Area Network (CAN) Bus standard with proof-of-concept (PoC) exploit code affecting CAN Bus, a broadcast based network standard...
More details.

Posted on 28 July 2017 7:34 pm


CRASHOVERRIDE Malware

CRASHOVERRIDE, aka, Industroyer, is the fourth family of malware publically identified as targeting industrial control systems (ICS). It uses a modular design, with payloads that target several industrial communication protocols and are capable of directly controlling switches and circuit breakers...
More details.

Posted on 25 July 2017 4:45 pm



What we do and what we offer.

About penetration tests and about our news.


Our certificates:

(ISC)2
CISSP
Offensive Security
OSCP
ISACA
CISA
CISM
Microsoft
PECB
LPTP
Qualys
PECB
LPTP
BSI
LPTP
BSI